| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 4.4.0, <= 4.4.13 | 4.4.14 |
| typo3/cms | composer | >= 4.5.0, <= 4.5.13 | 4.5.14 |
| typo3/cms | composer | >= 4.6.0, <= 4.6.6 | 4.6.7 |
The vulnerability is in t3lib_div::RemoveXSS, the core's general-purpose input sanitizer: it fails to strip non-printable characters, so an attacker can embed them in a payload and slip past the filter's pattern matching. Three sources tie CVE-2012-1608 to this method: the CVE description names the API method explicitly; the TYPO3 security bulletin describes "specially crafted HTML injections via non printable characters"; and the Debian advisory links CVE-2012-1608 to the same function. Because RemoveXSS is the sanitizer applied to untrusted input, it is the frame to expect in stack traces when a crafted payload carrying obfuscated XSS vectors is processed, and the function to check first when auditing an install in the affected ranges (4.4.0 to 4.4.13, 4.5.0 to 4.5.13, 4.6.0 to 4.6.6; fixed in 4.4.14, 4.5.14 and 4.6.7).
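As an added illustration (not TYPO3's code and not a reproduction of the patch), the following Python models the bypass class described above: a blacklist-style filter that matches tag names and on* handlers by pattern but never strips control characters, beside a hardened variant that strips them before matching. The tag list, the payloads and the "lenient consumer" model are constructed for this example; whether a particular browser tolerates a given control character inside a tag or attribute name depends on the parser and its version.

```python
import re

# Constructed model of a blacklist-style XSS filter in the spirit of
# t3lib_div::RemoveXSS. This is NOT TYPO3's code; it only reproduces the
# structural weakness the advisory describes: tag names and on* handlers are
# matched by pattern, but control characters are never removed.
DANGEROUS_TAGS = ("script", "iframe", "object", "embed", "style", "meta", "link")

# Non-printable characters a filter should drop before matching.
# Tab, LF and CR are left alone so ordinary text is not mangled.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def blacklist_sanitize(value: str) -> str:
    """Unpatched-style filter: neutralise known-bad tags and handlers by pattern only."""
    for tag in DANGEROUS_TAGS:
        # "<script" / "</script" -> "&lt;script" / "&lt;/script"
        value = re.sub(r"<(\s*/?\s*)(" + tag + r")\b", r"&lt;\1\2", value, flags=re.I)
    # "onerror=" -> "data-onerror=", which browsers do not treat as an event handler
    value = re.sub(r"\b(on)(\w+\s*=)", r"data-\1\2", value, flags=re.I)
    return value


def hardened_sanitize(value: str) -> str:
    """Hardened variant: strip control characters first, so the obfuscation
    collapses before the blacklist patterns run."""
    return blacklist_sanitize(CONTROL_CHARS.sub("", value))


def reaches_browser_as_script(sanitizer, payload: str) -> bool:
    """Constructed model of a lenient consumer that ignores control characters:
    True if a <script tag survives the sanitizer once those characters are dropped."""
    cleaned = CONTROL_CHARS.sub("", sanitizer(payload))
    return re.search(r"<script\b", cleaned, re.I) is not None


# Constructed payloads: a vertical tab (0x0b) splits "script", a NUL splits "onerror".
OBFUSCATED_SCRIPT = "<scr\x0bipt>alert(1)</scr\x0bipt>"
OBFUSCATED_HANDLER = "<img src=x on\x00error=alert(1)>"

if __name__ == "__main__":
    print(repr(blacklist_sanitize(OBFUSCATED_SCRIPT)))  # unchanged: the blacklist never saw "script"
    print(repr(hardened_sanitize(OBFUSCATED_SCRIPT)))   # '&lt;script>alert(1)&lt;/script>'
    print(reaches_browser_as_script(blacklist_sanitize, OBFUSCATED_SCRIPT))  # True
    print(reaches_browser_as_script(hardened_sanitize, OBFUSCATED_SCRIPT))   # False
    print(repr(hardened_sanitize(OBFUSCATED_HANDLER)))  # '<img src=x data-onerror=alert(1)>'
```

The point of the hardened variant is ordering: normalisation (dropping the characters a consumer would ignore) has to happen before any pattern-based check, otherwise every pattern has to anticipate every place an invisible byte could be inserted. The same ordering rule applies to entity decoding and whitespace handling in any blacklist filter of this style.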